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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .1 7(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1 .1 14. Applicant's submission filed on 4/5/10 
has been entered. 

Claims 21-40 are pending. Claims 21 and 39 are amended. 

Response to Amendment 

Claim Objections 

Claims 1 and 39 are objected to because of the following informality: the 
instruction recited in the activating/deactivating limitation should be referenced with the 
article -the- since they were already defined earlier in the claim. Appropriate correction 
is required. 
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Response to Arguments 

Applicant's arguments with respect to claims 21 and 29 have been considered 
but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

Claims 21-40 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
USP 5,864,757 to Parker in view of USP Application Publication 2002/0186845 to Dutta 
et al., hereinafter Dutta. 

As per claim 21 , Parker teaches a method for managing the security of at least 
one additional application associated to a main application with a security module of an 
equipment connected, via a network, to a control server managed by an operator, the 
main application and the additional applications use resources as data or functions 
stored in a security module [SIM] locally connected to said equipment, comprising the 
following preliminary steps: 
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receiving via the network, by the control server identification data comprising at 
least the type and software version of the equipment (col. 6, line 46) and the identity of 
the security module (col. 1, lines 50-55 and col. 8, lines 21-25), 

analyzing and verifying by the control server of said data (col. 8, lines 26-28), 

generating, by the control server, a cryptogram (col. 8 , lines 41-44) from the 
result of the verification of said data, 

transmitting, by the control server, the cryptogram, via network and the 
equipment, to the security module (col. 8, lines 60-65), 

receiving and analyzing the cryptogram by the security module for acting on 
specific application according to instructions included in the cryptogram (col. 9, lines 50- 
55). 

Parker is silent in explicitly teaching selectively activating or deactivating at least 
one resource as data or functions stored in said security module by executing 
instructions included in the cryptogram and using the selected resource to condition the 
functioning of the at one additional application stored in the equipment according to 
criteria established by at least one of a supplier of said additional application, the 
operator, or the user of the equipment, wherein the resources as data or functions of the 
security module used by the main application are left active for connection of the 
equipment to the network so as to obtain further cryptogram from the control server. 

Dutta teaches the above limitation as selectively controlling resources of a 
security element (SIM) from application of the mobile phone wherein the main 
application (connectivity to the network) is left active (0007-0010). Dutta basically 
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teaches the authentication functions and other secured functions are disabled remotely. 
This prevents application such as web browsers (inherently for e-commerce 
transactions) from gaining access to security keys and other secured data stored in the 
SIM. The phone's ability to stay on the network is taught as a means to receive further 
remote commands and to respond to the security alert by sending acknowledgments 
and other location specific data (0021 and 0040). 

For purposes of examination, the main application is interpreted as the main 
network connectivity application and the additional applications are some software 
programs (such as web browsers) other than the main calling application. Parker 
discloses locking down a phone to only emergency calls. Even in the emergency mode 
the phone is sill able to connect to the network. Therefore it would have been obvious 
to one of ordinary skill in the art at the time of the invention to combined the teaching of 
Dutta with those of Parker to give service provides control over not only the calling 
functions of a cell phone but also the applications running on them in order to safeguard 
the SIM data. Deactivating just the security functions allows the phone to stay on the 
network, send acknowledgements of the remote commands, and report its location. 

As per claim 22, Parker teaches the equipment is a mobile equipment of mobile 
telephony (see abstract). 

As per claim 23, Parker teaches the network is a mobile network of the GSM, 
GPRS or UMTS type (col. 1, line 36). 
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As per claim 24, Parker teaches the security module is a subscriber module of 
a SIM card type inserted into the mobile equipment of mobile telephony (col. 1 , line 50). 

As per claim 25, Parker teaches the identification of the set mobile equipment 
/ subscriber module is carried out from the identifier of the mobile equipment and from 
the identification number of the subscriber module pertaining to a subscriber to the 
mobile network (col. 8, lines 55-65). 

As per claim 26, Parker teaches the criteria [locked/unlocked] defines the usage 
limits [activate / deactivate] of an application according to the risk [key exposure] 
associated to said application and to the type and the software version of the mobile 
equipment that the operator and/or the application supplier and/or the user of the mobile 
equipment want to take in account (col. 9, lines 2-4). Upon activating a locked phone, 
Parker teaches a phone can be relocked if a key is compromised and needs to be 
changed. This process takes into account the identity information inside the phone, 
including the SIM. 

As per claim 27, Parker teaches the activation method is carried out after each 
connection of the mobile equipment to the network (col. 9, line 1 1). A check is made at 
turn on to see if the device is locked. It does however bypass the rest of the activation 
method and goes to the authentication part of the method if the check is satisfied. 

As per claim 28, Parker teaches the activation method is carried out after each of 
updating the software version of the mobile equipment (col. 9, lines 1-5). Anytime the 
phone receives a new subscriber identification code it is necessary for the handset to 
re-register with the base station. 
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As per claim 29, Parker teaches the activation method is carried out after each 
activation or deactivation of an application on the mobile equipment (col. 9, lines 1-5). 

As per claim 30, Parker teaches the activation method is carried out after each 
updating of the software version of the subscriber module (col. 9, lines 1-5). Anytime 
the phone receives a new subscriber identification code it is necessary for the handset 
to re-register with the base station. 

As per claim 31 , Parker teaches the activation method is out after each updating 
of the resources on the subscriber module (col. 9, lines 1-5). Anytime the phone 
receives a new subscriber identification code it is necessary for the handset to re- 
register with the base station. 

As per claim 32, Parker teaches the activation method is carried out periodically 
at a rate [each startup] given by the control server (col. 9, line 11). 

As per claim 33, Parker teaches the activation method is carried out after each 
initialization of an application on the mobile application (col. 9, lines 1-5). Activation is 
synonymous with initialization. 

As per claim 34, Parker teaches the subscriber module, prior to the execution of 
the instructions given by the cryptogram, compares the identifier of the mobile 
equipment with that previously received (Fig. 5, 172). 

As per claim 35, Parker teaches the control server, prior to the transmission of 
the cryptogram, compares the identifier of the mobile equipment with that previously 
received and only initiates the verification operation if the identifier has changed (col. 8, 
lines 55-65). This activation is only done a second time if the SIM or any of its values 
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change. Otherwise, the server already knows the phone is ok and does not send it a 
new IMSI. 

As per claim 36, Parker teaches the cryptogram is made up of a message 
encrypted by the control server with the aid of an asymmetrical or symmetrical 
encryption key from a data set containing, among other data, the identifier of the mobile 
equipment, the identification number of the subscriber module, the resource references 
of the subscriber module and a predictable variable (col. 8, lines 50-59). 

As per claim 37, Parker is silent in disclosing the subscriber module transmits to 
the control server, via the mobile equipment and the mobile network, a confirmation 
message when the subscriber module has received the cryptogram, said message 
confirming the correct reception and the adequate processing of the cryptogram by the 
subscriber module. Dutta teaches this limitation (0037 and 0040). Examiner supplies 
the same rationale as recited in the rejection of claim 21 to incorporate leaving the main 
application functional in order to receive acknowledgement of the phone's deactivation. 

As per claim 38, Parker teaches the equipment is a Pay-TV decoder or a 
computer to which the security module is connected (col. 12, lines 60-65). 

As per claim 39, it is rejected for the same reasons as claim 1 . 

As per claim 40, Parker teaches a subscriber module of the "SIM card" type 
connected to a mobile equipment (col. 1, lines 50-55). 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, William Korzuch can be reached on 571-272-7589. The fax 
phone number for the organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/M. R. V./ 

Examiner, Art Unit 2431 



/William R. Korzuch/ 

Supervisory Patent Examiner, Art Unit 2431 



